CVE-2025-9978
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-10-24
Last updated on: 2025-10-27
Assigner: WPScan
Description
Description
The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jeg | elementor_kit | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Jeg Kit for Elementor WordPress plugin before version 2.7.0 is due to the plugin not sanitizing SVG file contents when they are uploaded via xmlrpc.php. This lack of sanitization allows an attacker to inject malicious scripts, leading to a cross-site scripting (XSS) vulnerability.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute malicious scripts in the context of the affected website, potentially leading to unauthorized actions such as stealing user data, hijacking user sessions, or defacing the website.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70